<?php

/*
 * This file will check if the user inputs the correct username and password.
 * 
 * Created by: Peter Agno Jr.
 * Date created: September 11, 2011
 * 
 * In parameters: tempUsername, tempPassword
 * Out parameters: Valid or Invalid message of input parameters.
 */

session_start();

// Start - Checker for those users who will just go to the page by typing directly in the url.
if ($_POST) {
    include('../includes/siteConfig.php'); 

    // connect to database
    $connect = mysql_connect($hostName,$rootName,$dBasePassword) or die ('Unable to connect!');
    mysql_select_db($dBaseName) or die ('Unable to select database!');
    
    $username = $_POST['tempUsername'];
    $password = $_POST['tempPassword'];   
    
    // check if the account is existing
    $query = 
        "
            SELECT * 
            FROM Account
            WHERE username = '$username' AND password = '$password'
        ";
    
    $result = mysql_query($query) or die ('Error in query: $query. ' . mysql_error());
    
    if (mysql_num_rows($result) > 0) {
        $tempVar['msg'] = "valid";
        $row = mysql_fetch_array($result);
        $_SESSION['loggedUserId'] = $row['userId'];
        $_SESSION['firstName'] = $row['firstName'];
        $_SESSION['middleName'] = $row['middleName'];
        $_SESSION['lastName'] = $row['lastName'];
    }
    
    else {
        $tempVar['msg'] = "Invalid username or password.";
        //Below shows that you can pass many return values in an ajax of jQuery.
	//$tempVar['name'] = "error";
    }
    
    //output the response
    echo json_encode($tempVar);
    
    mysql_free_result($result);
    mysql_close($connect);
}   // End - Checker for those users who will just go to the page by typing directly in the url.
else {
 echo "You are not authorized to view this page. This incident will be reported immediately.";
}
?>        
